package com.fanghuyun.iswaf.function;

import java.util.Properties;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;

import com.fanghuyun.iswaf.common.ClientLogger;
import com.fanghuyun.iswaf.common.Constants;
import com.fanghuyun.iswaf.filter.DoFilter;

public class WebServer extends DoFilter{
	
	private static Logger logger = Logger.getLogger("iswaf");
	
	public static boolean safe(HttpServletRequest request,Properties properties){
		try {
			String servers = properties.getProperty("function.servers.not_allow_access_url");
			if(Pattern.compile("select.+\b("+(StringUtils.join(servers.split(","),"|"))+")\b",Pattern.CASE_INSENSITIVE).matcher(request.getRequestURI()).find()){
				ClientLogger.addAttackLogs(request, Constants.SYS_FUNCTION_WEB_SERVERS);
				return true;
			}
		} catch (Exception e) {
			logger.error(e);
		}
		return false;
	}
	

}
